A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
microsoft internet_explorer 9 |
||
microsoft internet_explorer 10 |
||
microsoft internet_explorer 11 |
Google wants researchers, vendors to stop making attacks easy Apple emits emergency iOS security updates while warning holes may have been exploited in wild by hackers
Enigma To limit the impact of zero-day vulnerabilities, Google security researcher Maddie Stone would like those developing software fixes to stop delivering shoddy patches. In a presentation at USENIX's Enigma 2021 virtual conference on Tuesday, Stone offered an overview of the zero-day exploits detected in 2020. A zero-day, she explained for attendees outside the infosec community, refers to an exploit targeting a previously unidentified vulnerability. Zero-day flaws are a problem because they...
IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The campaign involved a backdoor Trojan that the attackers distributed via dozens of apps in Google Play and elsewhere. Dr Web first reported the malware in July 2019, but we decided to investigate because the Trojan was more sophisticated than most malware for stealing money or displaying ...
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our ...
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning that even if the user has an up-to-date browser, there’s a non-zero chance that Adobe Flash may still be vulnerable to 1-day exploits. Now tha...
Update Internet Explorer now after Google detects attacks in the wild
Microsoft today emitted an emergency security patch for a flaw in Internet Explorer that hackers are exploiting in the wild to hijack computers. The vulnerability, CVE-2018-8653, is a remote-code execution hole in the browser's scripting engine. Visiting a malicious website abusing this bug with a vulnerable version of IE is enough to be potentially infected by spyware, ransomware or some other software nasty. Thus, check Microsoft Update and install any available patches as soon as you can. Any...
Vulmon